Security Alert (A24-01-29): Multiple Vulnerabilities in Linux Operating Systems


 

Published on: 31 January 2024

  
  

Description:

Multiple vulnerabilities are found in all versions of the Linux GNU C Library (glibc) from version 1.04 to the latest release version 2.38. A local authenticated attacker may leverage the vulnerabilities to escalate its privilege or cause denial of service on a vulnerable system.

 

Affected Systems:

  • Linux operating systems with GNU C Library (glibc) installed

It is strongly recommended to consult the vendors if the Linux systems in use are affected.

 

Impact:

Successful exploitation could lead to denial of service or elevation of privilege on an affected system.

 

Recommendation:

The vulnerabilities are fixed in some of the affected Linux distributions such as Debian. The following is only a sample list of Linux distributions that are affected. The list is not exhaustive and it is strongly recommended to consult the vendors if the Linux systems in use are affected. System administrators should check with the vendors to confirm if their Linux systems are affected and the availability of patches, and if so, apply the patches or follow the recommendations provided by the vendors to mitigate the risk.

- Debian
https://security-tracker.debian.org/tracker/CVE-2023-6246
https://security-tracker.debian.org/tracker/CVE-2023-6779
https://security-tracker.debian.org/tracker/CVE-2023-6780

 

More Information:

  • https://blog.qualys.com/vulnerabilities-threat-research/2024/01/30/qualys-tru-discovers-important-vulnerabilities-in-gnu-c-librarys-syslog
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6246
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6779 (to CVE-2023-6780)


Tag: Linux , GNU C , Debian
Tags